diff mbox series

[RFCv2,9/9] selftests: Initial TCP-AO support for fcnal-test

Message ID 3f6d654c1c36f489b471e2892c9231d6fa8fad7a.1628544649.git.cdleonard@gmail.com
State Superseded
Headers show
Series [RFCv2,1/9] tcp: authopt: Initial support and key management | expand

Commit Message

Leonard Crestez Aug. 9, 2021, 9:35 p.m. UTC
Just test that a correct password is required.

Signed-off-by: Leonard Crestez <cdleonard@gmail.com>
---
 tools/testing/selftests/net/fcnal-test.sh | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

Comments

David Ahern Aug. 11, 2021, 1:46 p.m. UTC | #1
On 8/9/21 3:35 PM, Leonard Crestez wrote:
> Just test that a correct password is required.

> 


This test suite needs to be comprehensive that the UAPI works as
designed and fails when it should - cleanly and with an extack message
as to why some config option fails. Tests should cover the datapath -
that it works properly when it should and fails cleanly when it should
not. If addresses are involved in the configuration, then the tests need
to be written for non VRFs, with VRFs and default VRF since addresses
are relative.

Also, in tree test suites are best for the maintenance of this code
going forward.
Leonard Crestez Aug. 11, 2021, 7:09 p.m. UTC | #2
On 11.08.2021 16:46, David Ahern wrote:
> On 8/9/21 3:35 PM, Leonard Crestez wrote:

>> Just test that a correct password is required.

>>

> 

> This test suite needs to be comprehensive that the UAPI works as

> designed and fails when it should - cleanly and with an extack message

> as to why some config option fails. Tests should cover the datapath -

> that it works properly when it should and fails cleanly when it should

> not. If addresses are involved in the configuration, then the tests need

> to be written for non VRFs, with VRFs and default VRF since addresses

> are relative.

> 

> Also, in tree test suites are best for the maintenance of this code

> going forward.


I can try to integrate my python test suite into kselftest. It's not a 
very orthodox choice but a rewrite in C would be much larger.

--
Regards,
Leonard
diff mbox series

Patch

diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh
index a8ad92850e63..569c340040f4 100755
--- a/tools/testing/selftests/net/fcnal-test.sh
+++ b/tools/testing/selftests/net/fcnal-test.sh
@@ -788,10 +788,31 @@  ipv4_ping()
 }
 
 ################################################################################
 # IPv4 TCP
 
+#
+# TCP Authentication Option Tests
+#
+ipv4_tcp_authopt()
+{
+	# basic use case
+	log_start
+	run_cmd nettest -s -A ${MD5_PW} &
+	sleep 1
+	run_cmd_nsb nettest -r ${NSA_IP} -A ${MD5_PW}
+	log_test $? 0 "AO: Simple password"
+
+	# wrong password
+	log_start
+	show_hint "Should timeout since client uses wrong password"
+	run_cmd nettest -s -A ${MD5_PW} &
+	sleep 1
+	run_cmd_nsb nettest -r ${NSA_IP} -A ${MD5_WRONG_PW}
+	log_test $? 2 "AO: Client uses wrong password"
+}
+
 #
 # MD5 tests without VRF
 #
 ipv4_tcp_md5_novrf()
 {
@@ -1119,10 +1140,11 @@  ipv4_tcp_novrf()
 	show_hint "Should fail 'Connection refused'"
 	run_cmd nettest -d ${NSA_DEV} -r ${a}
 	log_test_addr ${a} $? 1 "No server, device client, local conn"
 
 	ipv4_tcp_md5_novrf
+	ipv4_tcp_authopt
 }
 
 ipv4_tcp_vrf()
 {
 	local a